Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Two explorer.exe, One taking all of my RAM's Memory

19 Dec 2014   #91
cpubus

Win 7 64 Home Prem
 
 

This GUID path under programdata is listed in that log report posted by callender...


My System SpecsSystem Spec
.
19 Dec 2014   #92
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Process Explorer

Okay try this: Run Process Explorer and highlight the problem explorer.exe then right click and choose "Suspend"

Then double click the explorer.exe entry and look at the "Threads" tab then click "Stack"

Click "Copy All" and open your text editor. Paste the results. Post them here.
My System SpecsSystem Spec
19 Dec 2014   #93
cpubus

Win 7 64 Home Prem
 
 

[QUOTE=Thorbro;2963803]Today? Sorry cpubus but I'm not sure I have seen anyone resolve this issue at all - this thread has been going for weeks without a clue. But who knows, maybe someone will find something. It does appear to be something malicious that is accessing the computer from remote location.

I'd say if this thing is using the same GUID folder for every computer to store the files then this thing is solved. A Christmas miracle! The question is what is this thing? Norton was on this machine and it was no help at all. You'd think running a dll with the same name as a system32 file would be at least something to raise an alarm about...
My System SpecsSystem Spec
.

19 Dec 2014   #94
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Afrims' log

Quote   Quote: Originally Posted by cpubus View Post
This GUID path under programdata is listed in that log report posted by callender...
Indeed it does appear in Afims's log:

{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

So Afrim - you can try running the attached script in UVK (Rename with .uvk extension) and reboot if requested to do so by UVK.

UVK - FixList Afrim.txt


My System SpecsSystem Spec
19 Dec 2014   #95
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Request

If anyone else tracks it down request uploading to VirusTotal to get a report and post the link to the report before deleting the folder and files.
My System SpecsSystem Spec
19 Dec 2014   #96
cpubus

Win 7 64 Home Prem
 
 

Quote   Quote: Originally Posted by Callender View Post
If anyone else tracks it down request uploading to VirusTotal to get a report and post the link to the report before deleting the folder and files.
I will try this, it is still in the recycle bin at the moment I think. First I need to delete the registry entries that loaded it.
My System SpecsSystem Spec
19 Dec 2014   #97
Thorbro

Win 7 64-bit Home
 
 

Brilliant Cpubus; as soon as I am logged into my other (infected) PC I will give it a try. You might have to walk me through the delete process as your description is beyond my computer competence.
My System SpecsSystem Spec
19 Dec 2014   #98
Thorbro

Win 7 64-bit Home
 
 

I don't have the same DLL file in that location, but I do have the following under the same folder:
xrWCtmg2.dll (updated today)
Any reason I can't delete that? The original file name in Details is "XPSlayer"....

(Should the whole folder be deleted?)
My System SpecsSystem Spec
19 Dec 2014   #99
cpubus

Win 7 64 Home Prem
 
 

Quote   Quote: Originally Posted by Thorbro View Post
I don't have the same DLL file in that location, but I do have the following under the same folder:
xrWCtmg2.dll (updated today)
Any reason I can't delete that? The original file name in Details is "XPSlayer"....

(Should the whole folder be deleted?)
Yes, that looks suspicious, they just chose a different name for the file. Mine also had "XPSlayer" listed in the details. That folder should be deleted. Could you first drag out a copy of the dll file to your desktop and upload it to virustotal? Mine got deleted for good.

In order to delete that you can't have any explorer processes open, but you need explorer open to use the normal file system tools. Use the script suggested above or run a command prompt which will stay open with explorer closed.
My System SpecsSystem Spec
19 Dec 2014   #100
AfrimS

Windows 7 Home Premium 64bit
 
 

@cpubus I tried to find the thing you told me and its not within the folder, here is whats in the folder for me - Screenshot by Lightshot -. As for the uvk scan you want me to do callender im doing it right now

EDIT
Iv done the scan here is the LOG https://www.dropbox.com/s/z2iiwr8osl...%2014.log?dl=0
My System SpecsSystem Spec
Reply

 Two explorer.exe, One taking all of my RAM's Memory




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Two explorer.exe, one taking up to 3 gigs system memory
So the other thread was no help, so I started this one. When I start up my computer and after its loaded (in normal and clean boot) an explorer.exe shows up and starts rapidly ballooning up over the 2 million bits mark, making my computer really slow. I've cleaned with Comodo, Malwarebytes...
Performance & Maintenance
MsMpEng.exe taking up too much memory
MsMpEng.exe(windows defender) has taken up lots of my computer's ram and cpu usage and is making my computer really slow But when I try to open windows defender it says that windows defender has been disabled even though MsMpEng is running. Trying to turn on windows defender in order to disable it...
System Security
Internet explorer taking up a lot of memory, also disable screensaver
Does this happen to someone else also? I usually have about half dozen IE windows opened at anytime. I might start a few more and then close a couples. But eventually I notice one or two if the IE processes start to use up several hundred MB ram up to eventually 1GB ram. When one of the IE...
Browsers & Mail
Why is IE taking up so much memory?
I took a look at my TaskMan because my Core 0 was at 100%, and I just exited a flash game. I had 4 IE windows open, and a total of 4 tabs. One iexplore.exe was using over 400,000K. I clicked on the Applications tab, right clicked on each App, and selected Go To Process. None took me to the...
General Discussion
Svchost taking too much memory
my svhost process is taking too much Memory... making my computer lag..it havent happened any time before... http://www.pikipimp.com/pp/pimped_photo/s/image/52/806/368/Capture.PNG?ts=1264555978397:shock::shock::shock: please suggest a solution..
Performance & Maintenance
Graphics taking more memory
Hi, recently i brought a DELL Inspiron 15 laptop, which has 4GB RAM and integrated Graphics+Core i5 Processor.But when i check my system properties it shows Available Memory : 4GB (Usable 2.93GB). when i made some tests regarding the 1 GB missing RAM, i found that intergrated Graphics current...
Graphic Cards


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:04.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App